Did Equifax really think it could hide behind the total number of people affected being smaller than other recent data breaches?
Sometimes the top-line numbers can obscure the real story and so was the case with the Equifax data breach, which affected 143m Americans and around 400,000 Brits. Initially, it felt like the story was downplayed because of other much larger data breaches involving 700m people globally. But there is a huge difference here and it shouldn’t have been a surprise that this erupted into a major failure for Equifax.
No data breach involving personal data is minor as it can lead to attempts to use the data to gain further personal information. In the case of Equifax, the amount of data on each individual was much bigger and included names, addresses, phone numbers, credit card numbers, birth dates and social security numbers. This is the type of data used to authenticate people at banks and do not change over time and are not protected for fraud as credit card numbers are.
Luckily for the 400,000 Brits, it seems to be a much smaller footprint but still includes names, date of birth, email addresses.
The response from Equifax has been a textbook failure.